Under the context of this discussion, I want to ask a question about DNS UDP size in IPv4/IPv6.
I read SAC-035 about a test on broadband routers and firewalls. 27% of DNS proxies still cannot pass packets larger than 512. I don't know whether this will be overcome by using IPv6 for transport. In the specification, the IPv6 MTU is 1280, which gives some relief from that constraint. Somebody may say the enlargement of the IPv6 MTU is trivial and does not do much to help EDNS0 efficiency (more large packets > 1280). But my argument is that the enlargement to 1280-1500 is vital and enough for the case of the priming exchange and DNSSEC.

To defend my point, I need some data and experience from dual-stack DNS operators who may have compared IPv4 and IPv6 DNS operation before. Do you guys have any ideas or pointers to related documents?

Thank you in advance.

Davey

On Sat, Sep 13, 2014 at 5:37 PM, Franck Martin <[email protected]> wrote:

> I’m trying to figure out EDNS with UDP fragmentation on both IPv4 and IPv6
> networks.
>
> My understanding is that UDP fragmentation is something frowned upon in IPv4
> and even more in IPv6 (because of processing power needed, and security
> concerns)?
>
> What is the recommended setup for EDNS?
> -limit size to <1500? on both IPv4 and IPv6?
> -allow UDP fragmentation on IPv4 and IPv6, how securely?
>
> How does that play with DNSSEC large data records? I have seen that with
> some low TTLs, bind tends not to fall back (from 4096 to 512) fast enough
> often to return an answer within the time allocated.
>
> Any good documentation, pointers?
>
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
